From 24443ade2360760e9c357a98c3d9e1675dafd25c Mon Sep 17 00:00:00 2001
From: Naina Nalluri <nnalluri@codeaurora.org>
Date: Wed, 4 May 2016 14:03:40 -0700
Subject: ril: Fix kw banned functions

Fix KW banned functions

Change-Id: I052ac3065cc476dac24f5db390deda15ae584717
CRs-Fixed: 1011770
---
 libril/RilSapSocket.cpp       |  2 +-
 reference-ril/reference-ril.c | 16 ++++++++++------
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/libril/RilSapSocket.cpp b/libril/RilSapSocket.cpp
index d98971c..94d9894 100644
--- a/libril/RilSapSocket.cpp
+++ b/libril/RilSapSocket.cpp
@@ -250,7 +250,7 @@ void log_hex(const char *who, const uint8_t *buffer, int length) {
     int per_line = 0;
 
     do {
-        dest += sprintf(out, "%8.8s [%8.8x] ", who, source);
+        dest += snprintf(out, sizeof(out), "%8.8s [%8.8x] ", who, source);
         for(; source < length && dest_len - dest > 3 && per_line < BYTES_PER_LINE; source++,
         per_line ++) {
             out[dest++] = HEX_HIGH(buffer[source]);
diff --git a/reference-ril/reference-ril.c b/reference-ril/reference-ril.c
index 07482c8..caa5254 100644
--- a/reference-ril/reference-ril.c
+++ b/reference-ril/reference-ril.c
@@ -543,23 +543,27 @@ static void requestOrSendDataCallList(RIL_Token *t)
         err = at_tok_nextstr(&line, &out);
         if (err < 0)
             goto error;
-        responses[i].type = alloca(strlen(out) + 1);
-        strcpy(responses[i].type, out);
+
+        int type_size = strlen(out) + 1;
+        responses[i].type = alloca(type_size);
+        strlcpy(responses[i].type, out, type_size);
 
         // APN ignored for v5
         err = at_tok_nextstr(&line, &out);
         if (err < 0)
             goto error;
 
-        responses[i].ifname = alloca(strlen(PPP_TTY_PATH) + 1);
-        strcpy(responses[i].ifname, PPP_TTY_PATH);
+        int ifname_size = strlen(PPP_TTY_PATH) + 1;
+        responses[i].ifname = alloca(ifname_size);
+        strlcpy(responses[i].ifname, PPP_TTY_PATH, ifname_size);
 
         err = at_tok_nextstr(&line, &out);
         if (err < 0)
             goto error;
 
-        responses[i].addresses = alloca(strlen(out) + 1);
-        strcpy(responses[i].addresses, out);
+        int addresses_size = strlen(out) + 1;
+        responses[i].addresses = alloca(addresses_size);
+        strlcpy(responses[i].addresses, out, addresses_size);
 
         {
             char  propValue[PROP_VALUE_MAX];
-- 
cgit v1.2.3